<div dir="ltr">Thanks, Ivan - really appreciate your response!<div><br></div><div>We are reviewing the ticket you referenced.  It does look the same LDAP error messaging is being reported.  We are considering the scope of and effort behind an upgrade.</div><div><br></div><div>Per your first comment in that ticket, we may attempt re-uploading the resource XML first.</div>> There is a chance that this was caused by something "else": either the Resource was somehow "corrupted" in repository or memory. After reuploading the resource XML AND restarting all midPoint nodes, this error seems to stop.<br><br>Will report back once we've had a chance to consider these options and let the community know of the outcome.<div><span style="color:rgb(23,43,77);font-family:-apple-system,system-ui,"Segoe UI",Roboto,Oxygen,Ubuntu,"Fira Sans","Droid Sans","Helvetica Neue",sans-serif;font-size:14px"></span></div><div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div style="text-align:left"><br></div><div style="text-align:left">Brandon Powers</div><div><div style="text-align:left"><span>Exclamation Labs</span></div><span><div style="text-align:left">300 Washington Street</div></span><span><div style="text-align:left">Cumberland, MD 21502</div></span><div><a value="+18885455008" style="color:rgb(17,85,204)" href="tel:888.545.5008" target="_blank">888.545.5008</a><span style="color:rgb(34,34,34)"> or </span><a value="+13017225008" style="color:rgb(17,85,204)" href="tel:301.722.5008+ext+144" target="_blank">301.722.5008 ext 144</a></div><span><div style="text-align:left">fax <a value="+13017222183" style="color:rgb(17,85,204)">301.722.2183</a></div></span><div><a href="mailto:brandon@exclamationlabs.com" style="color:rgb(17,85,204)" target="_blank">brandon@exclamationlabs.com</a></div><span><div style="text-align:left"><a href="mailto:brandon@exclamationlabs.com" style="color:rgb(17,85,204);font-size:13px" target="_blank">www.exclamationlabs.com</a></div></span></div></div></div></div></div></div></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Nov 25, 2020 at 2:07 AM Ivan Noris via midPoint <<a href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
  
    
  
  <div>
    <p>Hi Brandon,</p>
    <p>could be this? <a href="https://jira.evolveum.com/browse/MID-6439" target="_blank">https://jira.evolveum.com/browse/MID-6439</a></p>
    <p>We had this issue too, but it seems to not happen again with
      midPoint 4.2 and more important - newest AD connector 3.1.</p>
    <p>Best regards,</p>
    <p>Ivan<br>
    </p>
    <div>On 24. 11. 2020 23:06, Brandon Powers
      via midPoint wrote:<br>
    </div>
    <blockquote type="cite">
      
      <div dir="ltr">Hey MidPoint Community!
        <div><br>
        </div>
        <div>We are currently struggling with an Active Directory
          Connector/connectivity issue that we have not encountered in
          any other midPoint implementation to date, and hoping someone
          may be able to shed some light or provide some guidance.</div>
        <div><br>
        </div>
        <div><b>Short Summary:</b></div>
        <div>Receiving the following error <i>occasionally</i> when
          importing many Active Directory accounts using the Active
          Directory (LDAP) Connector.</div>
        <div><b>Error Message:</b> In order to perform this operation a
          successful bind must be completed on the connection.</div>
        <div><b><br>
          </b></div>
        <div><b>Context:</b></div>
        <div>MidPoint Version: 3.9</div>
        <div>Active Directory Resource defined using the Active
          Directory Connector (LDAP): <a href="https://wiki.evolveum.com/pages/viewpage.action?pageId=22741393" target="_blank">https://wiki.evolveum.com/pages/viewpage.action?pageId=22741393</a></div>
        <div>Active Directory Connector Version: 2.0</div>
        <div>Active Directory</div>
        <div><br>
        </div>
        <div>Issue is not with the bind credentials themselves -
          connection works otherwise: Test connection is successful;
          recomputing individual users (even those that the issue shows
          up for during import); manually importing AD objects (users,
          groups) all work fine.</div>
        <div><br>
        </div>
        <div><b>Where we do have the issue:</b></div>
        <div>- When running import task for Active Directory resource
          including ~320 user accounts</div>
        <div>- Issue appears consistently during each import attempt,
          but inconsistently on varying user accounts</div>
        <div>- When the bind error occurs with both domain controllers,
          it halts the import and import task fails</div>
        <div>- During import, midPoint is generally able to import most
          user accounts before the issue starts manifesting</div>
        <div><br>
        </div>
        <div><b>Stacktrace:</b></div>
        <div>2020-11-24 02:34:19,110 [] [midPointScheduler_Worker-8]
          ERROR
          (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil):
          ConnId Exception
          org.identityconnectors.framework.common.exceptions.ConnectorIOException
          in connector:a399ee77-234c-4ae3-9880-65d557a67bc6(ConnId
          com.evolveum.polygon.connector.ldap.ad.AdLdapConnector v2.0):
ConnectorSpec(<a>resource:b09f29e2-aeec-40de-9c49-66d6bab62d18(Active</a>
          Directory (LDAP)), name=null,
          oid=a399ee77-234c-4ae3-9880-65d557a67bc6): LDAP error during
          search: operationsError: 000004DC: LdapErr: DSID-0C0907E9,
          comment: In order to perform this operation a successful bind
          must be completed on the connection., data 0, v2580? (1)<br>
org.identityconnectors.framework.common.exceptions.ConnectorIOException:
          LDAP error during search: operationsError: 000004DC: LdapErr:
          DSID-0C0907E9, comment: In order to perform this operation a
          successful bind must be completed on the connection., data 0,
          v2580? (1)<br>
          at
com.evolveum.polygon.connector.ldap.LdapUtil.processLdapResult(LdapUtil.java:580)<br>
          at
com.evolveum.polygon.connector.ldap.search.SimplePagedResultsSearchStrategy.search(SimplePagedResultsSearchStrategy.java:239)<br>
          at
com.evolveum.polygon.connector.ldap.AbstractLdapConnector.searchUsual(AbstractLdapConnector.java:691)<br>
          at
com.evolveum.polygon.connector.ldap.AbstractLdapConnector.executeQuery(AbstractLdapConnector.java:497)<br>
          at
com.evolveum.polygon.connector.ldap.AbstractLdapConnector.executeQuery(AbstractLdapConnector.java:130)<br>
          at
org.identityconnectors.framework.impl.api.local.operations.SearchImpl.rawSearch(SearchImpl.java:197)<br>
          at
org.identityconnectors.framework.impl.api.local.operations.SearchImpl.search(SearchImpl.java:133)<br>
          at sun.reflect.GeneratedMethodAccessor1098.invoke(Unknown
          Source)<br>
          at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)<br>
          at java.lang.reflect.Method.invoke(Method.java:498)<br>
          at
org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:99)<br>
          at com.sun.proxy.$Proxy219.search(Unknown Source)<br>
          at sun.reflect.GeneratedMethodAccessor1098.invoke(Unknown
          Source)<br>
          at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)<br>
          at java.lang.reflect.Method.invoke(Method.java:498)<br>
          at
org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96)<br>
          at com.sun.proxy.$Proxy219.search(Unknown Source)<br>
          at sun.reflect.GeneratedMethodAccessor1098.invoke(Unknown
          Source)<br>
          at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)<br>
          at java.lang.reflect.Method.invoke(Method.java:498)<br>
          at
org.identityconnectors.framework.impl.api.BufferedResultsProxy$BufferedResultsHandler.run(BufferedResultsProxy.java:165)</div>
        <div><br>
        </div>
        <div>Has anyone seen this issue before or have any ideas?
          Because the import fails, it causes issues with other
          resources and processes.</div>
        <div><br>
        </div>
        <div>Appreciate any advice anyone has to offer!<br clear="all">
          <div>
            <div dir="ltr">
              <div dir="ltr">
                <div>
                  <div dir="ltr">
                    <div>
                      <div dir="ltr">
                        <div>
                          <div style="text-align:left"><br>
                          </div>
                          <div style="text-align:left">Brandon Powers</div>
                          <div>
                            <div style="text-align:left"><span>Exclamation
                                Labs</span></div>
                            <span>
                              <div style="text-align:left">300
                                Washington Street</div>
                            </span><span>
                              <div style="text-align:left">Cumberland,
                                MD 21502</div>
                            </span>
                            <div><a value="+18885455008" style="color:rgb(17,85,204)" href="tel:888.545.5008" target="_blank">888.545.5008</a><span style="color:rgb(34,34,34)"> or </span><a value="+13017225008" style="color:rgb(17,85,204)" href="tel:301.722.5008+ext+144" target="_blank">301.722.5008
                                ext 144</a></div>
                            <span>
                              <div style="text-align:left">fax <a value="+13017222183" style="color:rgb(17,85,204)">301.722.2183</a></div>
                            </span>
                            <div><a href="mailto:brandon@exclamationlabs.com" style="color:rgb(17,85,204)" target="_blank">brandon@exclamationlabs.com</a></div>
                            <span>
                              <div style="text-align:left"><a href="mailto:brandon@exclamationlabs.com" style="color:rgb(17,85,204);font-size:13px" target="_blank">www.exclamationlabs.com</a></div>
                            </span></div>
                        </div>
                      </div>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </div>
        </div>
      </div>
      <br>
      <fieldset></fieldset>
      <pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
    </blockquote>
    <pre cols="72">-- 
Ivan Noris
Senior Identity Engineer
<a href="http://evolveum.com" target="_blank">evolveum.com</a>
</pre>
  </div>

_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote></div>